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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- tf NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )M Responsive to communication(s) filed on 15 May 2006 . 
2a)D This action is FINAL. 2b)l3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 21-43 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |3 Claim(s) 21-41 is/are rejected. 

7) E3 Claim(s) 42^3 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed publication in this 
or a foreign country, before the invention thereof by the applicant for a patent. 

2. Claims 21-41 are rejected under 35 U.S.C. 102(a) as being anticipated by Jansen et al. 
NIST Special Publication 800-19-Mobile Agent Security. 

3. As per claim 21, Jansen teaches a server, in communication with a first host and a second 
host(see top of pg. 19, lines 1-3), the first and second hosts executing a mobile application that 
jumps from the first host to the second host during execution, where during the jump from the 
first host to the second host the mobile application and passes through the server(see pg. 19), the 
server storing, prior to a jump to the second host, a first instance of the mobile application, an 
instance of the mobile application including executable code for the mobile application, this is 
taught in Jansen because Jansen teaches, storing, at a centralized security enforcement node, 
prior to jump to a receiving host from a dispatching host(see pg. 2, 2 nd paragraph teaches Mobile 
agents(MA)hopping from peer to peer, see fig. 1 also teaches centralized security and 
dispatching host), the server receiving from the first host, during the jump to the second host, a 
second instance of the mobile application, and the server detecting unwanted changes in contents 
of the mobile application including comparing the first and second instances(see Section, 2. 1.2, 
3.2, pg. 9 and 4.2.2). 
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4. As per claim 22, Jansen teaches wherein the contents are one or more from the group 
containing code, state data and itinerary data(see pg. 17, section 4.1.4, pg. 21, 4.2.2). 

5. As per claim 23, Jansen teaches wherein the server detects unwanted changes responsive 
to receiving the mobile application from an untrusted host(see pg. 6, section 2.3.4, 3.2). 

6. As per claim 24, Jansen teaches wherein the server stores the first instance of the mobile 
application responsive to the mobile application being received from a trusted host(see section 
3.2, pg. 9, and 4.2.2). 

7. As per claim 25, Jansen teaches wherein the first instance includes a first checksum and 
the second instance includes a second checksum(see section 3.3, pg. 10-11, section 4, pg. 13). 

8. As per claim 26, Jansen teaches wherein the first instance includes a copy of the mobile 
application as it existed prior to the jump and the second instance includes a copy of the mobile 
application as it existed during the jump(see section, 2.1.2, 3.2, pg. 9 and 4.2.2). 

9. As per claim 27, Jansen teaches wherein the server forwards the mobile application to the 
second host(see pg. 19). 

10. As per claims 28, 35, Jansen teaches a centralized method for verifying integrity of a 
jumping mobile application at a location other than a dispatching host or a receiving host(see pg. 
19), storing, prior to a jump and at a server, a first instance of a mobile application that jumps 
from a first host to a second host during execution, an instance of the mobile application 
including executable code for the mobile application; receiving, during the jump and at the 
server, a second instance of the mobile application(see pg. 2, and section 2.1.2, 4.2.2); and 
detecting unwanted changes in contents of the mobile application including the server comparing 
the first and second instances(see section 3.2). 
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11. As per claim 29, it is rejected under the same basis as claim 22. 

12. As per claim 30, Jansen teaches wherein detecting unwanted changes includes detecting 
unwanted changes responsive to receiving the mobile application from an untrusted host(see pg. 
15-17, section 3.2, 4.2.2). 

13. As per claim 31, Jansen teaches wherein storing includes storing the first instance of the 
mobile application responsive to the mobile application being received from a trusted host(see 
pg. 2, section 2.1.2, 4.2.2). 

14. As per claim 32, it is rejected under the same basis as claim 25. 

15. As per claim 33, it is rejected under the same basis as claim 26. 

16. As per claims 34, 41 , it is rejected under the same basis as claim 27. 

17. As per claim 37, it is rejected under the same basis as claim 30. 

18. As per claim 38, it is rejected under the same basis as claim 3 1 . 

19. As per claim 39, it is rejected under the same basis as claim 25. 

20. As per claim 40, it is rejected under the same basis as claim 26. 

21. As per claim 42-43 are allowable for the features of, "when the first host is determined as 
being allowed to inject code, retrieve the code from the first host and send the code to the mobile 
application". In the prior art of security nor networking discloses inject code in the mobile 
application. Prior art discloses the mobile application jumping to another host or application, but 
does not disclose injecting code. 

Response to Amendment 

22. The Applicant states that Jansen does not disclose the server storing, prior to a jump to 
the second host, a first instance of the mobile application. The Examiner disagrees with the 
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Applicant. Jansen discloses a path histories is a scheme for allowing an agent's itinerary to be 
recorded and tracked(see pg. 21). When moving between agent platforms, and agent conveys the 
last platform, current platform, and the next platform(see pg. 19). A record is maintained and 
inconsistencies are noted(see pg. 21). The Examiner asserts that the last platform is the first 
instance, and the current platform is the platform the current mobile application is at, and the 
second instance is the next platform. 

23. The Applicant states that Jansen does not teach "the central computer further includes 
means for monitoring the security of the mobile application as it jumps between the host 
computers wherein when the mobile application is communicated from a first host to a second 
host, it passes through the central computer" as set forth in the claim. The Examiner disagrees 
with the Applicant, Jansen teaches that the Jumping beans agent system addressed security issues 
by implementing a client-server architecture, whereby an agent always returns to a secure central 
host before moving onto any other platform(see pg. 19). 

24. The Applicant states that Jansen does not teach that a central computer stores a copy of a 
mobile application and then compares it to the mobile application after execution by another 
host. The Examiner disagrees with the Applicant. Jansen teaches this, because Jansen teaches 
protecting against modification of code, i.e. comparing the original to the one received and 
section 4.2.2 Mutual Itinerary Recording teaches tracking and comparing the Itinerary list as it 
traverses the peers-Since Jansen teaches both central and distributed Central host(see pg. 19), 
this reads on using one stored copy for comparison purposes. The Applicant states that 
executable code is not taught. The Examiner asserts that the system and method of Jansen is 
being taught as being used on a computer thus executable code is taught. 
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25. The Applicant states that Jansen does not disclose the security monitoring means for 
detecting unwanted changes in the code associated with the mobile application when the mobile 
application is jumping between hosts. The Examiner disagrees since Jansen teaches a central 
host allowing tampering to be detected and prevented from accepting agents/code from someone 
not defined as a trusted (see pg. 22). 

26. The Applicant states that Jansen does not disclose the central computer detects unwanted 
changes in the code associated with the mobile application when the mobile application is 
jumping between hosts. The Examiner disagrees since Jansen teaches a secure central host 
which is interpreted as being capable of providing central security(see pg. 19). Further, Jansen 
discloses that a digital signature is included into the code, if the digital signature can verified 
than the agent has not been tampered with, if it cannot be verified that it has been tampered 
with(seepg. 16, 18). 

Final Action 

27. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jenise E. Jackson whose telephone number is (571) 272-3791. 
The examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) alternate Friday's. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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